4 matches found
CVE-2022-43214
Billing System Project v1.0 contains a SQL injection vulnerability in printOrder.php via the orderId parameter. Root cause is lack of input validation, enabling potentially unauthorized access to sensitive database data (CVE-2022-43214). CVSS v3.1 base score 9.8 (CRITICAL). Exploit details are no...
CVE-2022-43215
CVE-2022-43215 affects Billing System Project v1.0. The vulnerability is a SQL injection in the endDate parameter of the getOrderReport.php endpoint, as described across multiple sources. The issue arises from lack of input validation, enabling an attacker to influence SQL queries and potentially...
CVE-2022-41504
CVE-2022-41504 is an arbitrary file upload vulnerability in the Billing System Project v1.0, specifically in the /php_action/editProductImage.php component. The issue allows an attacker to upload a crafted PHP file and achieve arbitrary code execution. The CVSS score is High (7.2) with network at...
CVE-2022-41498
CVE-2022-41498 affects the Billing System Project v1.0, with a confirmed SQL injection vulnerability exploitable via the id parameter at /phpinventory/editbrand.php. The CVE entry lists a base score of 7.2 (High, CVSS 3.1: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). The exploitation status is not provi...